SkillHub 0.2.12
The 0.2.12 release focuses on anonymous public CLI installs, security hardening, notification reliability, and CI/dependency maintenance.
🌟 Highlights
- Anonymous public CLI search and install are now supported with installability filtering, restricted-skill handling, and bearer-token hardening by @dongmucat in #523
- Security review hardening closes release/runtime, archive extraction, workflow, scanner, and validation gaps by @dongmucat in #508
- Notification delivery is more reliable for profile reviews, promotion reviewer notices, publish events, and SSE streams by @dongmucat in #530, #533, and #539
🚨 Breaking Changes
- Invalid CLI bearer tokens now fail closed instead of falling back to anonymous access. Refresh credentials or omit the invalid token before CLI search/install by @dongmucat in #523
✨ Features
- Support anonymous public search and install in the CLI by @dongmucat in #523
- Add AgentGuard as a built-in skill from the cloud manifest by @dongmucat in #526
🐛 Bug Fixes
- Treat the highlighted CLI install target as selected when pressing Enter by @SenLinLeo in #534
- Preserve SSE headers for notification streams by @dongmucat in #539
- Keep notification SSE live-push streams open and add profile review notifications by @dongmucat in #530
- Avoid publish notifications for promotion reviewers by @dongmucat in #533
- Allow super admins to review their own promotion requests by @dongmucat in #536
- Harden review/security findings across runtime secrets, release validation, archive extraction, scanner gating, and workflow permissions by @dongmucat in #508
- Filter installable CLI search results before pagination and reject anonymous restricted resolves cleanly by @dongmucat in #523
⚡ Performance
- None identified in the v0.2.11..HEAD range.
📚 Documentation
- Update CLI README/help for anonymous public search and install by @dongmucat in #523
- Remove handwritten notification OpenAPI docs and refresh profile-review related docs by @dongmucat in #530
- Refresh docs site dependencies and security authorization docs by @dongmucat in #538
🔧 Chore
- Patch Dependabot security alerts by @dongmucat in #538
- Remove unsupported Python CodeQL scanning from the security workflow by @dongmucat in #537
- Add workflow, runtime-secret, release-config, and dev-web host tests for the hardened release path by @dongmucat in #508
📖 Documentation
- Docs site: https://iflytek.github.io/skillhub/
👥 New Contributors
- @SenLinLeo made their first contribution in #534
Full Changelog: v0.2.11...{{tag}}